I work on a lot of Policy and Procedure projects, and lately I’ve been thinking about how often I run into phrases like “threat of virus attacks.” Viruses are clearly a front-line worry for organizations, and certainly they haven’t gone away. But remember your careful Greek parsing of causality: Anti-virus is necessary for security (at least arguably), but it is not sufficient all by itself.
Personally, I’m much more worried about data loss. That’s especially true with the research firm Gartner’s proclamation that these leaks are “almost inevitable.” See the ComputerWorld article, “Wikileaks incidents stoke IT security angst” at:
http://www.computerworld.com/s/article/353209/WikiLeaks_Triggers_IT_Security_Angst
Anyone who has studied the workings of exploit toolkits like BackTrack knows how even trivial information can be used to find a weakness. Sensitive business information offers even greater threats. Perhaps the best line in the piece:
a Gartner Inc. bulletin said that leaks of confidential information — either by insiders or hackers — are “almost inevitable,” so organizations should expect that any memo they create could be disclosed.
Did you get that? Any paper or digital document can and likely will be used against you, in court or surreptitiously. Don’t ask me how I know this.